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DETAILED ACTION 

Response to Amendment 
This office action is in response to application filed on November 17, 2005. Original 
application contained. Claims 1-10. Claims are 1-10 are pending. 



Claim Rejections - 35 USC § 101 

1. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufactvffe, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

2. Claims 1-10 are rejected under 35 U.S.C. 101 because the claimed invention is directed 
to non-statutory subject matter. 

Claims 1, and 7 are rejected under 35 U.S.C. 101 based on Supreme Court precedent and 
recent Federal Circuit decisions, a 35 U.S.C § 101 process must (1) be tied to a particular 
machine or (2) transform underlying subject matter (such as an article or materials) to a different 
state or thing. In re Bilski et al, 88 USPQ 2d 1385 CAFC (2008); Diamond v. Diehr, 450 U.S. 
175, 184 (1981); Parker v. Flook, 437 U.S. 584, 588 n.9 (1978); Gottschalk v. Benson, 409 U.S. 
63, 70 (1972); Cochrane v. Deener, 94 U.S. 780,787-88 (1876). 



Application/Control Number: 1 0/532,54 1 Page 3 

Art Unit: 2431 

An example of a method claim that would not qualify as a statutory process would be a 
claim that recited purely mental steps. Thus, to qualify as a § 101 statutory process, the claim 
should positively recite the particular machine to which it is tied , for example by identifying the 
apparatus that accomplishes the method steps, or positively recite the subject matter that is being 
transformed, for example by identifying the material that is being changed to a different state. 

Here, applicant's method steps are not tied to a particular machine. Thus, the claims are 
non-statutory. 

The mere recitation of the machine in the preamble with an absence of a machine in the 
body of the claim fails to make the claim statutory under 35 USC 101 . Note the Board of Patent 
Appeals Informative Opinion Ex parte Langemyer et al. 



Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in secfion 35 1(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the EngUsh language. 



Claims 1-10 are rejected under 35 U.S.C. 102(e) as being anticipated by Challener et al. 
(U. S. Patent 6,718,468). 
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1 . Regarding Claim 1 , Challener teach and describe a secure transaction process, 
comprising generating a key from a user-supplied unencrypted password, encrypting the user's 
password with the key, creating a user record, storing the encrypted password in the user record 
(col.4 line 7 to col.5 line 24).. 

2. Regarding Claim 7 Challener teach and describe a secure fransaction process, comprising 
generating an encryption key from user-supplied identification data, encrypting the user's 
identification data with the key, creating a user record, storing the encrypted identification data 
in the user record (col.4 line 7 to col.5 line 24). 

3. Claims 2-6, and 8-10 are rejected applied as above rejecting Claims 1 and 7. 
Furthermore, Challener teach and describe a system and method of security and user 
authentication, wherein: 

As per Claim 2, further comprising upon user login, generating a key from a would-be 
user's password using the same algorithm used to generate the key from the originally supplied 
unencrj^ted password, retrieving the corresponding user record, decrypting the encrypted 
password in the user record using the key, comparing the decrypted password with the would-be 
user-suppUed password to see if they match (col.4 line 7 to line 63). 

As per Claim 3, further comprising if the decrypted password and user-supplied password 
match, creating a temporary session record and storing the key in the session record, otherwise 
aborting the user login (col.4 line 43 to line 63). 
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As per Claim 4, fiirther comprising encrypting other sensitive user data using the key and 
storing the encrypted data in the user record, during a session wherein a session record has been 
created, using the key stored in the session record to decrypt other encrypted information stored 
in the user record for use in canying out some desired action (col. 3 line 55 to col.4 line 7, and 
col. 4 line 66 to col. 5 line 24).. 

As per Claim 5, further comprising generating a public/private key pair, storing the 
public key on an application server and the mating private key only another server, encrypting 
the original user-supplied unencrypted password with the pubhc key and storing the public-key 
encrypted password on the application server, fetching the private key from the other server and 
using it to decrypt selected information on the one server (col.4 line 7 to col.5 line 24).. 

As per Claim 6, fiirther wherein the other server is a secure off-site server (col.4 line 7 to 
line 30). 

As per Claim 8, further comprising upon user login, generating a key from a would-be 
user's identification data supplied at login using the same algorithm used to generate the key 
from the originally supplied unencrypted identification data, retrieving the corresponding user 
record, decrypting the encrypted identification data in the user record using the key, comparing 
the decrypted identification data with the would-be user-supplied identification data to see if they 
match (col.4 line 7 to line 63). 

As per Claim 9, further comprising if the decrypted identification data and user-supplied 
identification data match, creating a temporary session record and storing the key in the session 
record, otherwise aborting the user login (col.4 line 42 to line 63). 
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As per Claim 10, further comprising encrypting other sensitive user data using the key 
and storing the encrypted data in the user record, during a session wherein a session record has 
been created, using the key stored in the session record to decrypt other encrypted information 
stored in the user record for use in carrying out some desired action (col. 3 line 55 to col.4 line 7, 
and col.4 line 66 to col.5 line 24). 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SYED ZIA whose telephone number is (571)272-3798. The 
examiner can normally be reached on 9:00 to 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

sz 

February 1,2009 
/Syed Zia/ 

Primary Examiner, Art Unit 243 1 



